packages/jackson-databind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jackson-databind/CVE-2019-12086.patch
wangxiao65 76636253c8 fix cves
2020-09-20 00:02:00 +08:00

27 lines
1.0 KiB
Diff
Raw Blame History

From dda513bd7251b4f32b7b60b1c13740e3b5a43024 Mon Sep 17 00:00:00 2001
From: Tatu Saloranta <tatu.saloranta@iki.fi>
Date: Tue, 14 May 2019 07:42:10 -0700
Subject: [PATCH] Fix #2326
---
.../jackson/databind/jsontype/impl/SubTypeValidator.java | 3 +++
1 files changed, 3 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 30adb9471..a17cdf5b7 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -80,6 +80,9 @@ public class SubTypeValidator
s.add("org.apache.openjpa.ee.JNDIManagedRuntime");
s.add("org.apache.axis2.transport.jms.JMSOutTransportInfo");
+ // [databind#2326] (2.9.9): one more 3rd party gadget
+ s.add("com.mysql.cj.jdbc.admin.MiniAdmin");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink